I am trying to get my old Pi running a VPN server so that I can access local resources from outside my local network.
Following these steps:
curl -L https://install.pivpn.io | bash
Select default settings, OpenVPN, DHCP reservation, udp, port 1194, CloudFlare, and reboot
pivpn add
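Attempting to connect to the server from another device, with the generated .ovpn file imported, does nothing.
I tried uninstalling and reinstalling OpenVPN following the same steps, but unsurprisingly the result was the same.
After rebooting, I get [OK] started OpenVPN service
followed by [FAILED] Failed to start OpenVPN connection to server
This suggests running the command systemctl status [email protected]
Doing so gives the following output: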
● [email protected] - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2022-03-30 12:35:52 BST; 231ms ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 744 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid (code=exited, status=1/FAILURE)
Main PID: 744 (code=exited, status=1/FAILURE)
CPU: 274ms
pivpn -d
The output is as follows:
::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: f80b0a7962d91862132c0a4abd65c1e67bd37bd7
Author: 4s3ti
Date: Fri Dec 3 21:41:13 2021 +0100
Summary: Update Changelog
=============================================
:::: Installation settings ::::
PLAT=Raspbian
OSCN=bullseye
USING_UFW=0
IPv4dev=wlan0
dhcpReserv=1
IPv4addr=192.168.1.212/24
IPv4gw=192.168.1.254
install_user=pi
install_home=/home/pi
VPN=openvpn
pivpnPROTO=udp
pivpnPORT=1194
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnSEARCHDOMAIN=
pivpnHOST=REDACTED
TWO_POINT_FOUR=1
pivpnENCRYPT=256
USE_PREDEFINED_DH_PARAM=
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnDEV=tun0
pivpnNET=10.8.0.0
subnetClass=24
ALLOWED_IPS=""
UNATTUPG=1
INSTALLED_PACKAGES=(openvpn)
HELP_SHOWN=1
=============================================
:::: Server configuration shown below ::::
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_9b23f305-6583-48ad-b87a-1815a883620c.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_9b23f305-6583-48ad-b87a-1815a883620c.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
=============================================
:::: Client template file shown below ::::
client
dev tun
proto udp
remote REDACTED 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_9b23f305-6583-48ad-b87a-1815a883620c name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
=============================================
:::: Recursive list of files in ::::
::: /etc/openvpn/easy-rsa/pki shows below :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
ecparams
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
iphone.ovpn
issued
openssl-easyrsa.cnf
private
renewed
revoked
safessl-easyrsa.cnf
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/ecparams:
prime256v1.pem
/etc/openvpn/easy-rsa/pki/issued:
iphone.crt
raspberrypi_9b23f305-6583-48ad-b87a-1815a883620c.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
iphone.key
raspberrypi_9b23f305-6583-48ad-b87a-1815a883620c.key
/etc/openvpn/easy-rsa/pki/renewed:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/renewed/private_by_serial:
/etc/openvpn/easy-rsa/pki/renewed/reqs_by_serial:
/etc/openvpn/easy-rsa/pki/revoked:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/revoked/private_by_serial:
/etc/openvpn/easy-rsa/pki/revoked/reqs_by_serial:
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] OpenVPN is running
:: [OK] OpenVPN is enabled (it will automatically start on reboot)
:: [ERR] OpenVPN is not listening, try to restart now? [Y/n] y
Done
[INFO] Run pivpn -d again to see if we detect issues
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: Snippet of the server log ::::
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Options error: Please correct these errors.
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Use --help for more information.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Options error: Please correct these errors.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Use --help for more information.
Mar 30 11:56:30 raspberrypi ovpn-server[27322]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:30 raspberrypi ovpn-server[27322]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mar 30 11:56:30 raspberrypi ovpn-server[27322]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:30 raspberrypi ovpn-server[27322]: Options error: Please correct these errors.
Mar 30 11:56:30 raspberrypi ovpn-server[27322]: Use --help for more information.
Mar 30 11:56:36 raspberrypi ovpn-server[27334]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:36 raspberrypi ovpn-server[27334]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mar 30 11:56:36 raspberrypi ovpn-server[27334]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:36 raspberrypi ovpn-server[27334]: Options error: Please correct these errors.
Mar 30 11:56:36 raspberrypi ovpn-server[27334]: Use --help for more information.
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::
Focusing on the error:
--writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
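I couldn't find any working solution, and trying to start the server manually doesn't seem to do anything:
sudo openvpn /etc/openvpn/server/server.conf
2022-03-30 12:15:25 Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
pi@raspberrypi:/etc/openvpn/server$
Checking the status of the OpenVPN service, it looks like it is running fine:
systemctl status openvpn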
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-03-30 11:56:42 BST; 27min ago
Process: 27361 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 27361 (code=exited, status=0/SUCCESS)
CPU: 16ms
Mar 30 11:56:42 raspberrypi systemd[1]: Starting OpenVPN service...
Mar 30 11:56:42 raspberrypi systemd[1]: Finished OpenVPN service.
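Any suggestions or help would be greatly appreciated. I am very new to networking, and this is the first problem I have run into and asked the experts about. If I have missed any information or useful output, please let me know.
Answer 1
OpenVPN - ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)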
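#!/bin/bash
# Create the directory that holds the TUN device node if it is missing
mkdir -p /dev/net
# Create the TUN character device (major 10, minor 200)
mknod /dev/net/tun c 10 200
# Restrict the device node to its owner
chmod 600 /dev/net/tun
# Restart OpenVPN so it retries opening the device
/etc/init.d/openvpn restart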
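A read-only triage of the two errno=2 failures on this page (the --writepid path in the question's log and the /dev/net/tun node this answer creates), added here as an example and not part of the original answer or of PiVPN. The function names are made up for illustration and the sample log is constructed from lines in the question.

```shell
#!/bin/bash
# Added example: hypothetical helper names, not PiVPN or OpenVPN tooling.

# Print the distinct fatal "Options error" messages from an ovpn-server log.
# The DEPRECATED / "Consider setting" lines are warnings and do not stop startup.
fatal_errors() {
    grep -F 'Options error:' "$1" \
        | grep -vF 'Please correct these errors' \
        | sed 's/^.*Options error: //' \
        | sort -u
}

# Extract the PID file path that OpenVPN reported it could not write.
writepid_path() {
    fatal_errors "$1" \
        | sed -n "s/^--writepid fails with '\([^']*\)'.*/\1/p" \
        | head -n 1
}

# Return 0 if the directory that should hold the given PID file exists.
pid_dir_exists() {
    [ -d "$(dirname "$1")" ]
}

# Return 0 if the path is a character device, which /dev/net/tun must be.
tun_ok() {
    [ -c "$1" ]
}

# Constructed sample: two restart attempts taken from the log in the question.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:14 raspberrypi ovpn-server[27301]: Options error: Please correct these errors.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Options error: --writepid fails with '/run/openvpn/server.pid': No such file or directory (errno=2)
Mar 30 11:56:19 raspberrypi ovpn-server[27314]: Options error: Please correct these errors.
EOF

# Report what actually stops the service, then check both preconditions.
pidfile=$(writepid_path "$SAMPLE_LOG")
echo "fatal: $(fatal_errors "$SAMPLE_LOG")"
pid_dir_exists "$pidfile" || echo "missing directory: $(dirname "$pidfile")"
tun_ok /dev/net/tun || echo "missing TUN device: /dev/net/tun"
```

On the Pi itself, point `fatal_errors` at a file holding the real server log instead of the constructed sample.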